Mobile Malware on the Rise, Report Says

Enterprises’ use of custom applications to access Web services rose in 2010, while use of traditional browsers to do the same declined, according to the State of the Webreport by Zscaler, a cloud security vendor.

The report, that covered 2010’s fourth quarter and was released Feb. 28, also found that as consumer access patterns shift, cyber-criminal attack techniques may shift with them. “Twitter, or apps to pull down your RSS feeds, or various apps that still communicate over the HTTP protocol but they’re custom apps for digesting Web content haven’t really been targeted in the past for any type of security threats,” said Mike Geide, senior security researcher at Zscaler.

But they are being targeted today and will continue to be in the future, he said. “The bad guys are definitely going to shift their tactics to get the most number of potential victims as possible, and those applications will be ripe for the picking,” Geide said.

The latter-half of 2010, however, saw a number of cyber-criminals arrested, including the apprehension of people in the U.S., United Kingdom, Ukraine and the Netherlands who used Zeus, a Trojan horse that logs keystrokes to steal financial information, to conduct $70 billion in banking fraud. Other noted arrests were of Georg Avanesov, alleged author of the Bredolab bot that allowed users to remotely install malware on endpoints, and Oleg Nikolaenko, who ran a network of computers that generated 10 billion spam e-mails per day. “I definitely wanted to shed some good news in the report instead of just talking about all the bad,” Geide said.

But the bad news includes the emergence of malicious activity that confirms what many have feared: the arrival of mobile malware. The report cites the appearance of Zeus in mobile devices where it attempts to steal passwords from mobile phones.

The report also lists the top 10 sources for spam. The United States took first place with 11.73 percent originating there, the Russian Federation was second at 7.03 percent, and the third was India at 6.73 percent. Italy came in last with 2.66 percent. However, the report also ranks countries with disparities when it comes to the percentage of malicious Web activity versus benign Web activity. Roughly one in 167 of Web transactions in the top three countries in this category — Latvia, Romania and Ukraine — were malicious.

Giede feels that the shift in Web-usage patterns observed in the report show that the relationship between people and the Internet is evolving — whether they be regular citizens or malicious forces. “Security people have to adapt and evolve to the way that users interact with the Web as well as the threats that the attackers put out there. And the attackers — they have to also evolve to the way users are using the Web so that they can get the most bang for their buck,” he said.

By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and on @hiltoncollins on Twitter.

The Senate Judiciary Committee twice voted not to send the proposed law to the floor, making New Mexico one of only three states without a law requiring that consumers be notified in case of data breaches.